[Samba] roaming profiles and Documents and setting with non-standard Windows 2k3 administrator RID.....

Daniel R. Gore danielgore at yaktech.com
Thu Jan 28 03:49:19 MST 2010


Thanks John,

I will give that a try today.

Dan


On Wed, 2010-01-27 at 21:27 -0600, John H Terpstra wrote:
> On 01/27/2010 08:29 PM, Daniel R. Gore wrote:
> > Because of the extremely restrictive security environment we work under,
> > our Windows Admins have disabled the administrator account on our Domain
> > and created a new account with administrator rights.  The result is that
> > the common RID of 500 which maps to the Linux UID and GID of 500 is no
> > longer valid.  This means that when the Windows Domain controller, via
> > the Domain Administrator (which has another name and RID) tries to make
> > an account on the samba share where the profiles are intended for, it
> > fails because Samba expects this to come from the well known RID of
> > 500. 
> > 
> > Is there any way to specify in Samba what RID number to expect and use
> > for Domain Administration  management?
> > 
> > Thanks.
> > 
> > Dan
> 
> Dan,
> 
> You can assign suitable rights and privileges using the "net" utility as
> follows:
> 
> net rpc rights grant "DOMAIN\Group Name" SeMachineAccountPrivilege \
>   SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege \
>   SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege \
>   SeDiskOperatorPrivilege -Uadministrator%password
> 
> When correctly processed for domain group "Whatchamacallit" you will get
> something that looks like this:
> 
> net rpc rights list accounts -Uwinadmin%n3v3rgessit
> BUILTIN\Print Operators
> No privileges assigned
> 
> BUILTIN\Account Operators
> No privileges assigned
> 
> BUILTIN\Backup Operators
> No privileges assigned
> 
> BUILTIN\Server Operators
> No privileges assigned
> 
> BUILTIN\Administrators
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege
> 
> Everyone
> No privileges assigned
> URDOMAIN\Whatchamacallit
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege
> 
> 
> Yell if you need more help.
> 
> Cheers,
> John T.
> _________________________________
> This email has been ClamScanned !
>           www.clamav.net


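An added example, not part of the original thread: a small audit of `net rpc rights list accounts` output that lists every privilege grant and reports grants held by accounts other than BUILTIN\Administrators and the one group that was deliberately granted rights. The function names, the sample listing and the URDOMAIN\helpdesk account are constructed for illustration.

```shell
#!/bin/sh
# Audit the text printed by `net rpc rights list accounts` (format as quoted above).

# Constructed sample listing. As in the quoted output, the blank line between
# two accounts may be missing, so the parser must not rely on it.
sample_output() {
cat <<'EOF'
BUILTIN\Print Operators
No privileges assigned

BUILTIN\Administrators
SeTakeOwnershipPrivilege
SeDiskOperatorPrivilege

Everyone
No privileges assigned
URDOMAIN\Whatchamacallit
SeAddUsersPrivilege
SeDiskOperatorPrivilege

URDOMAIN\helpdesk
SeBackupPrivilege
EOF
}

# stdin: listing; stdout: one "account<TAB>privilege" line per grant.
list_granted_rights() {
    awk '
        /^[ \t]*$/                 { next }   # separators are optional
        /^No privileges assigned$/ { next }
        /^Se[A-Za-z]+Privilege$/   { if (acct != "") print acct "\t" $0; next }
                                   { acct = $0 }  # any other line names an account
    '
}

# $1: the domain group that is expected to hold privileges.
# Prints grants held by any other account except BUILTIN\Administrators.
# The name is passed through the environment because awk -v would
# interpret the backslash in DOMAIN\Group as an escape sequence.
unexpected_grants() {
    list_granted_rights | EXPECTED="$1" awk -F '\t' '
        $1 != ENVIRON["EXPECTED"] && $1 != "BUILTIN\\Administrators" { print }
    '
}

# Typical use, with the credentials form shown in the thread:
#   net rpc rights list accounts -Uuser%password | unexpected_grants 'DOMAIN\Group Name'
```

Running the check after each rights change, and keeping its output under review, shows when a privilege such as SeBackupPrivilege or SeTakeOwnershipPrivilege ends up on an account that was never meant to have it.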